Can I move access_log?

Community Support
1

Greetings.

I have a VPS with nginx (RP) + Apache. Creating a custom template I have seen that the access_logs are inside…

location / {
location ~* ^.+.(%proxy_extensions%)$ {

Doesn’t that prevent accesses resolved directly by nginx from being logged? Is there any reason why it should be there? In other words… Can I move those lines higher up, in the server block, before the error codes, without collateral damage or side effects?

This is a question from an inexperienced user, so thank you for your patience

2

Hi,

Keep in mind that in an Nginx + Apache2 configuration, Nginx acts as a proxy, so it only logs the files it serves directly (such as proxy_extensions). All other access logs are handled by Apache2.

    CustomLog /var/log/%web_system%/domains/%domain%.log combined

Note: Keep in mind that, regardless of which service manages the access log, both Nginx and Apache2 write to the same log file: /var/log/apache2/domains/YourDomain.log.

3

Thanks for your reply,

Is CustomLog necessary? So, I understand that moving access_log could affect some Hestia functions? Or do you assume those lines should be commented?

I’ve tried moving them to the server block. Accesses from both servers seem to be logging correctly in the same file. You know how it is: that primate instinct to try things without knowing what you’re doing… :love_you_gesture:

This would solve two things for me:

  1. Obtain a log of all accesses, including those cached by nginx, to have complete statistical data with tools that read logs (goaccess, matomo…).
  2. Log accesses with error code 444, originating from the rate limit configuration. I can then easily use that with fail2ban.
4

Yes.

No, it won’t affect Hestia functions directly but could affect your site’s logs.

I wouldn’t touch them.

You should already have all that info in your log without modifying the templates.

You should have them in the error log.

5

Wep,

My mistake: the problem I see with cached accesses is at the browser level. I’ll have to review the headers. You helped me see the problem. Thank you!

I’ve never had them (or never seen them). The command…

grep ‘ 444 ’ /var/log/apache2/domains/*.error.log

…never showed any output with the default configuration. Records did appear when I moved the lines. Did I look in the wrong place?

Anyway, I can fix it by adding a location or including the error code inside the if. Thank you very much! :+1:

1 Like